Aphinia - Your CISO Wire Update
Here’s your weekly update on comings and goings, jobs, networking opportunities and actionable insights:
These are the most recent appointments and promotions of your cybersecurity peers. Say “CONGRATS!”🥂 to:
→ Attila Torok was appointed as Chief Information Security Officer at GoTo.
→ Roger Ouellette was appointed as Chief Information Security Officer at V2X.
→ Simon Hogg was appointed as Chief Information Security Officer at Eigen Technologies.
→ Yonesy Nunez was appointed as Chief Information Security Officer at The Depository Trust and Clearing Corporation.
→ Myke Lyons was appointed as Chief Information Security Officer at Snyk.
→ Sreeni Venugopal was appointed as Chief Information Security Officer at Aster DM Healthcare.
→ Jennifer Benson was appointed as Chief Information Security Officer at The Financial Information System for California (Fi$cal).
→ Dan Sheehan was appointed as Chief Information Security Officer at Wolfe.
→ Alfred Pasta was appointed as Chief Information Security Officer at Dynapt.
→ Arindam Bose was appointed as Chief Information Security Officer at Wedbush Securities.
→ Brian Cayer was appointed as Chief Information Security Officer at Keck Medicine of USC.
→ Adrian Guevara was appointed as Chief Information Security Officer at WillowTree.
→ Margaret Nolia was appointed as Divisional Chief Information Security Officer at Truist.
→ Michelle Ayala was appointed as Chief Information Security Officer at The AZEK Company.
→ Mike Nichols was appointed as Divisional Chief Information Security Officer at CIRCOR International.
→ Tom Stumpek was appointed as Divisional Chief Information Security Officer at Pursuit Aerospace.
→ Scott Kampwerth was appointed as Divisional Chief Information Security Officer at Emerson.
→ Erik Ryer was appointed as Divisional Chief Information Security Officer at TriWest Healthcare Alliance.
Appointed? Promoted? Let us know!
Aphinia is growing! Say hello, reach out and connect with our new members:
Matthew Martin, Deputy CISO, LPL Financial
Ben Mead, Deputy CISO, Director of Cybersecurity and Compliance, Emerald X, LLC.
Bill Mazzara, SWX Product Cybersecurity Principal Engineer, Stellantis
Celestain Fonge, Principal Cybersecurity Architect, 3D Systems
Eli Mezei, Head of Security - Amazon Prime Video, Amazon
Jim Swart, CISO, Apprio Inc.
Katrina Biscay, CISO, University of Cincinnati
Christophe Bassono, Cybersecurity Engineer, Bank Of The West
Ivan Cheung, Product Manager, Infrastructure Vulnerability Management Engineering, U.S. Bank
Welcome on board!
Do you want to share your story with fellow CISOs? Want to impart your wisdom and share actionable insights? And - importantly - to further enhance your personal brand and get visibility for the next advisory role, consulting gig or a new position?
Check out our wide-ranging conversation with our guest Darrel Raynor (Senior Director, Technology & Cybersecurity, Heartland AEA) on the state of the cybersecurity landscape, current and emergent infused threats and career advice:
For your personal 30 minutes of spotlight simply respond with "interview" in the subject of the email and we will find time that works for you.
Our dance card is filling up fast, please respond today!
Several important events happened that merit your attention:
U.S. Ambassador to China got hacked. Hackers linked to Beijing accessed the email account of the U.S. ambassador to China, Nicholas Burns, in an attack that is believed to have compromised at least hundreds of thousands of individual U.S. government emails, according to people familiar with the matter.
You got Mali! Millions of DoD emails, often containing classified information, were sent to an email server in Mali by mistake due to a typo. Email destined for the US military, whose top-level domain is ".mil", is instead mistakenly sent to ".ml", the country-code top-level domain for Mali. The current manager of the .ml domain, Dutch entrepreneur Johannes Zuurbier, has collected over 117,000 misdirected emails since January this year in an effort to convince the US government of the problem.
Kevin Mitnick passed away. The OG hacker extraordinaire died on July 16th after a valiant battle with pancreatic cancer. I met Kevin at RSA at his book signing a few years back and he left quite an impression. Rest In Peace.
Fourth Amendment Is Not For Sale Act: The House Judiciary Committee passed a proposed bill that would ban government and law enforcement agencies from buying the personal information of Americans from data brokers without a warrant. Named the Fourth Amendment Is Not For Sale Act, the bill was first introduced in 2021. It received massive support this year after revelations that the US military, intelligence, and law enforcement agencies were creating massive private databases by buying the data of US citizens from the data broker market.
CANSEE Act: A bipartisan group unveiled a bill named the CANSEE Act that aims to introduce stronger rules meant to target and stop cryptocurrency money laundering operations. The bill targets DeFi platforms and crypto ATMs.
Chinese APT stealth tactics: Mandiant released a report on the stealth strategies of Chinese APT groups. The report covers their use of zero-days in edge networking devices for initial access, the use of botnets and tunneling software to disguise C&C traffic and data exfiltration.
Social engineering attack on GitHub: A North Korean APT group named Jade Sleet has been running social-engineering campaigns on GitHub, trying to entice employees of technology firms into working on malicious GitHub projects that infect victims with malware. The GitHub projects are typically media players and cryptocurrency trading tools that contain malicious npm libraries. GitHub says the campaign targeted employees working for cryptocurrency, online gambling, and cybersecurity firms.
TSMC to delay Arizona chip factory. Taiwan Semiconductor Manufacturing Co. said sales are likely to decline 10% this year and a planned Arizona factory would miss its target of starting mass production next year. TSMC’s statements Thursday reflected industry challenges including soft consumer demand, rising costs and a shortage of various types of skilled workers. The company said people with expertise erecting semiconductor facilities were in short supply in the U.S.
These senior cybersecurity sales roles you may want to forward to your friends and colleagues:
→ Heritage Bank of Commerce is looking for a Chief Information Security Officer in San Jose, CA.
→ Insulet is looking for a Chief Information Security Officer in San Diego, CA.
→ US Senate is looking for a Chief Information Security Officer in Washington, DC.
→ State of New Mexico is looking for a Chief Information Security Officer in Santa Fe, NM.
→ UW Health is looking for a Vice President / Chief Information Security Officer in Madison, US.
→ First American Bank is looking for a Chief Information Security Officer in Elk Grove Village, IL.
→ Methodist Le Bonheur Healthcare is looking for a Deputy Chief, Information Security Officer in Memphis, TN.
→ Mount Saint Mary College is looking for a Chief Information & Security Officer in Newburgh, NY.
→ State of Maryland is looking for a Chief Information Security Officer in Annapolis, MD.
Looking for a job? Hiring? Let us know.
These are virtual and live events for the cyber community you may find interesting:
=Industry Events=
BlackHat is taking place on August 5, 2023 in Las Vegas, NV. Are you going? We'd love to meet!
InfoSec World is taking place on September 25-27, 2023 in Lake Buena Vista, FL.
CISO Summit is taking place on November 16, 2023 in New York, NY.
CyberTech is taking place on January 29-31, 2024 in Tel Aviv, Israel.
If you are planning to attend #BlackHat in August, please let me know. We’d love to meet face to face.
Attending or hosting an event? Let us know!
There’s been discussion on the implications of using AI products by OpenAI (ChatGPT) and GitHub (Copilot) in the work environment, from cybersecurity and, potentially, legal standpoints.
To offer your opinion on the subject and to participate in the discussion, join Aphinia Slack channel here >
Bad guys have been busy recently 📈 :
JumpCloud breached by North Korean hackers.
Estée Lauder breached by hackers stealing “sensitive information”.
Tampa General leaked information on 1.2 million patients.
Chinese hackers breached Microsoft Outlook accounts.
700,000 Turkish TikTok accounts were hacked prior to the presidential election.
But a handful of bad guys were nabbed 👮‍♀️:
Spanish police end a decade on the run for Ukrainian hacker.
Conor Brian Fitzpatrick pleads guilty in the BreachForum case.
Arion Kurtaj, who hacked into Uber, Nvidia and Rockstar Games, declared unfit for trial.
Former security engineer charged with stealing $9 million from a crypto exchange.
Ukrainian police took down a bot farm.
Stay safe.
Misha Sobolev
Aphinia